SCharchouf's Posts

I'm using the below script to get Promiscuous Mode then I set it to desired value, I need assistance in order to create a script that can: First get Promiscuous Mode identify ESXi that have wrong configuration set configuration to desired value $ESXs=get-vmhost $ESXs | % { $esx=$_ ; $switchs= Get-VirtualSwitch $esx $switchs | % { $switch=$_ ; $sec=Get-SecurityPolicy $switch ; ` "$esx $switch $($sec.AllowPromiscuous) $($sec.ForgedTransmits) $($sec.MacChanges)" >> $file_before} } $ESXs | Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy ` -MacChanges $false ` -ForgedTransmits $false ` -AllowPromiscuous $false $ESXs | % { $esx=$_ ; $switchs= Get-VirtualSwitch $esx $switchs | % { $switch=$_ ; $sec=Get-SecurityPolicy $switch ; ` "$esx $switch $($sec.AllowPromiscuous) $($sec.ForgedTransmits) $($sec.MacChanges)" >> $file_after } }

Hello I'm using the below script to get VDS Port Group it's working fine but I'm getting the warring message: WARNING: The output of the command produced distributed virtual portgroup objects. This behavior is obsolete and may change in the future. To retrieve distributed portgroups, use Get-VDPortgroup cmdlet in the VDS component. To retrieve standard portgroups, use -Standard. I would like to understand why I'm getting this warrning and how I car relidiate using the similar way used in my script? Get-VMHost -PipelineVariable ESX | Get-VirtualPortGroup | Select-Object @{N='VMHost';E={$esx.Name}},VirtualSwitch,Name,VlanId | Out-String | ForEach-Object { $_.Trim() } > ".\VDSportGroup.txt" #Verify if VlanID is set to 0 or 1, if so, then Check Get-VirtualPortGroup-Config.txt $CheckVlanID = (Get-Content .\VDSportGroup.txt | Format-Table VlanId | findstr /v " _$Null VlanId ----- _$Null") | where-object {$_ -like '*0*' -like '*1*'} | ForEach-Object{$_.split(".")[0]} function VDSPort{         if ($Null -eq $CheckVlanID) {             Write-Log -StartTab 1 -LinesBefore 1 -Level Success -Message "All Hosts have VlanID configured with value between 2 and 4094 " -FilePath $LogFile             }         else {             Write-Host -f red "Hosts with wrong VlanID detected"             Write-Log -StartTab 1 -LinesBefore 1 -Level Success -Message "Check Get-VirtualPortGroup-Config file for host(s) $CheckVlanID" -FilePath $LogFile             } } VDSPort

I'm trying to create a script to disable ESXi shell, as I'm in the obligation to get the configuration before any change things I made the script like this #Collect configuration Get-VMHost | Get-VMHostService | Where { $_.key -eq "TSM" } | Select VMHost, Key, Label, Policy | Out-String | ForEach-Object { $_.Trim() } > ".\ESXiShell.txt" # Verification $CheckESXi_Shell_Disabled = (gc .\HardeningESXi-Logs\ESXi_Shell_Disabled-Config.txt | ft Value | findstr /v " _$Null Value ----- _$Null") | where-object {$_ -notlike '*off*'} | foreach{$_.split(".")[0]} function ESXiDisabled {     if ($CheckESXiDisabled -eq "off") {     Write-Log -Level Success -Message "All Hosts have ESXi shell disabled" -FilePath $LogFile     }     else {     Write-Host -f red "Host(s) with ESXi Shell not set as required "     Write-Log -Level Success -Message  "Fixing host(s)" -FilePath $LogFile     $CheckESXiDisabled | ForEach-Object {Get-VMHost | Get-VMHostService | Where { $_.key -eq "TSM"} | Set-VMHostService -Policy Off     } } } ESXiDisabled unfotunaly the script is not working as expected, if I change the policy from GUI I'm expecting that the script detect that and do change and if the policy is set to OFF script should say that and nothing is done